SaltStack and openSUSE

This blog post was first published via HackMD to Twitter, G+ and Reddit.

If you haven't been living under a rock, you've certainly noticed that SaltStack is one of the hot topics within openSUSE and SUSE. It is used in many of the major openSUSE projects like DeepSea for managing and automating Ceph deployments, in Kubic to provision Kubernetes cluster or the newly announced Spacewalk fork Uyuni project to manage your whole IT infrastructure. Therefore I think it's time to take a closer look at how SaltStack itself is being packaged and shipped and how you might collaborate.


Let's talk about the RPM packages itself for a moment. Usually when you install SaltStack (zypper in salt), you don't have to care from which repository the packages are coming. They are either in the Leap or Tumbleweed repos. But before they end up there, they are first in saltstack:testing/salt (which is for testing the new changes) and then in saltstack/salt. After the patches are accepted to saltstack/salt, the state is pushed to openSUSE:Factory/salt. This is only true for now, because we've got the rare condition where Leap 42.3, Leap 15, Tumbleweed and SLE15 are shipping SaltStack 2018.3.0. But this will change in the future, because Tumbleweed will move on. Leap 15 and SLE 15 will both stick to the same version, which is 2018.3.0. I know that this was different in the past. But this caused confusion and there is no good reason for having a different version in Leap and SLE.

But don't let the version numbers fool you. We are still pulling in bugfixes and even backport important features if we need them.

How to get changes in?

This is the easy part. Just do it upstream, and wait for the changes to be approved and merged. Then create a pull request in the openSUSE/salt GitHub repository by cherry picking your changes from upstream, and squashing them into a single commit.

You can also do this for upstream changes you think should be in the openSUSE package. I can't guarantee that everything will be accepted. But just try it!

What is already in?

Previously I've mentioned that even though we are shipping version 2018.3.0 of SaltStack, we don't just stick to the dot-release. The SaltStack dot-release is just the base the openSUSE SaltStack package is build on. That's why there are already 25 patches coming with that package. In the spec file you can even find the links to the upstream pull requests. This is an easy way to keep track of what got fixed and what you might want to cherry pick from upstream. ;)

Currently the patch list looks like this:

Patch1:        run-salt-master-as-dedicated-salt-user.patch  
Patch2:        run-salt-api-as-user-salt-bsc-1064520.patch  
Patch3:        activate-all-beacons-sources-config-pillar-grains.patch  
Patch4:        avoid-excessive-syslogging-by-watchdog-cronjob-58.patch  
Patch5:        feat-add-grain-for-all-fqdns.patch  
Patch6:        fix-bsc-1065792.patch  
Patch7:        remove-obsolete-unicode-handling-in-pkg.info_install.patch  
Patch8:        fix-openscap-push.patch  
Patch9:        move-log_file-option-to-changeable-defaults.patch  
Patch10:       fix-cp.push-empty-file.patch  
Patch11:       fix-decrease-loglevel-when-unable-to-resolve-addr.patch  
Patch12:       make-it-possible-to-use-login-pull-and-push-from-mod.patch  
Patch14:       add-saltssh-multi-version-support-across-python-inte.patch  
Patch15:       fix-for-errno-0-resolver-error-0-no-error-bsc-108758.patch  
Patch16:       fall-back-to-pymysql.patch  
Patch17:       strip-trailing-commas-on-linux-user-gecos-fields.patch  
Patch18:       provide-kwargs-to-pkg_resource.parse_targets-require.patch  
Patch19:       initialize-__context__-retcode-for-functions-handled.patch  
Patch20:       fixed-usage-of-ipaddress.patch  
Patch21:       extra-filerefs-include-files-even-if-no-refs-in-stat.patch  
Patch22:       option-to-merge-current-pillar-with-opts-pillar-duri.patch  
Patch23:       do-not-override-jid-on-returners-only-sending-back-t.patch  
# PATCH-FIX_OPENSUSE bsc#1091371
Patch24:       enable-passing-a-unix_socket-for-mysql-returners-bsc.patch  
Patch25:       fix-for-ec2-rate-limit-failures.patch  

I hope you enjoyed this little overview. Just ping me on freenode#suse if you've got questions or suggestions. My nick is brejoc and brejoc[m].

Have fun and happy hacking!

1. DeepSea is not an openSUSE project. It is driven by SUSE.
2. Some rephrasing.
3. Added Matrix/IRC nick.